Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/76/XQEQakMJn8VgjRBkKPfy9935b8I.roa
File: XQEQakMJn8VgjRBkKPfy9935b8I.roa (raw, json)
Hash identifier: woojIYihcXT0CuyoXgIq6zv6SJzl1fBJ42EBPiNEWLQ=
Subject key identifier: 5D:01:10:6A:43:09:9F:C5:60:8D:10:64:28:F7:F2:F7:DD:F9:6F:C2
Certificate issuer: /CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Certificate serial: 1CE8
Authority key identifier: 2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/XQEQakMJn8VgjRBkKPfy9935b8I.roa
Signing time: Sat 14 Jun 2025 15:09:54 +0000
ROA not before: Sat 14 Jun 2025 15:09:54 +0000
ROA not after: Thu 09 Apr 2026 06:33:21 +0000
asID: 9391
IP address blocks: 125.169.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7400 (0x1ce8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2E266DC3EAD80EB25D49858A64DC1EF1C8A1B942
Validity
Not Before: Jun 14 15:09:54 2025 GMT
Not After : Apr 9 06:33:21 2026 GMT
Subject: CN=5D01106A43099FC5608D106428F7F2F7DDF96FC2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:0a:11:3e:c4:bc:ce:79:c9:62:6f:f0:1a:2c:
f3:97:2c:aa:53:4a:7c:c2:2f:3e:c1:51:ef:20:8c:
bf:03:fa:d1:17:fa:54:fd:7a:24:a2:bb:ba:8b:47:
14:52:28:0c:18:93:f6:ea:68:ac:38:25:88:56:82:
da:01:e0:b8:1d:09:b9:6a:c3:97:c9:03:8f:e6:cb:
2b:cc:5d:ba:d2:21:a3:dc:65:ad:00:6d:4d:54:ff:
0c:a6:97:07:31:76:61:29:9a:b3:16:bf:61:1a:82:
a6:33:81:a2:0a:04:21:e7:8b:27:d6:7c:d0:d3:93:
b3:0a:9c:d0:53:7c:4f:2e:ed:67:11:5e:ca:df:af:
b5:d8:93:7d:d2:1c:f8:17:11:e0:d9:c9:91:63:c2:
79:b2:55:e7:bd:21:95:0b:3b:e2:24:7c:d1:2b:4b:
45:a1:d2:5e:dc:93:5c:c9:21:61:b9:03:31:d9:15:
b0:de:85:17:fe:21:ec:78:55:a1:e4:a6:58:ca:a3:
68:2c:bd:93:b8:18:c0:7d:91:8e:58:a7:a1:35:75:
fe:40:3b:c9:73:93:21:c3:fc:5c:5f:7d:4f:a0:ee:
d4:16:16:5c:0a:fa:90:fd:43:5a:1d:3c:eb:07:9b:
28:41:eb:cd:eb:6e:f3:07:6d:c5:96:81:eb:51:43:
be:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:01:10:6A:43:09:9F:C5:60:8D:10:64:28:F7:F2:F7:DD:F9:6F:C2
X509v3 Authority Key Identifier:
keyid:2E:26:6D:C3:EA:D8:0E:B2:5D:49:85:8A:64:DC:1E:F1:C8:A1:B9:42
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/LiZtw-rYDrJdSYWKZNwe8cihuUI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LiZtw-rYDrJdSYWKZNwe8cihuUI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/76/XQEQakMJn8VgjRBkKPfy9935b8I.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
125.169.0.0/16
Signature Algorithm: sha256WithRSAEncryption
31:68:5b:49:d5:97:d4:03:6e:3b:75:6b:63:76:dd:1d:58:84:
19:e7:71:8e:93:1f:bb:96:3c:fc:9d:61:4d:93:2a:5c:a0:44:
a5:d9:ac:a4:1b:ee:02:00:c1:0b:95:7b:47:6a:a2:aa:53:4a:
22:de:9d:ac:19:23:41:b0:07:06:a9:57:e7:c8:96:1d:47:0e:
26:12:d3:23:d1:b4:18:f5:54:e5:24:6d:c7:9c:12:e9:a2:b1:
1a:b4:bc:ae:51:01:32:59:81:4b:32:27:29:38:71:f2:1b:7e:
fa:c8:9a:a6:d0:47:95:f9:2e:d5:fc:dd:3c:b2:ab:b0:11:a4:
4d:bd:c3:06:5e:a9:57:52:6a:18:5a:41:da:e8:24:dd:87:67:
1d:5f:f0:a3:cf:1a:09:a9:69:29:da:e9:84:86:18:6b:12:94:
9b:a8:e9:a2:3e:8a:fe:54:14:77:24:1e:de:22:92:a2:12:b9:
9e:ab:42:f5:69:fb:a7:15:82:7e:c7:9f:b0:64:bb:38:73:ea:
7d:b5:65:69:0d:c7:5a:a7:8f:75:4e:85:cb:ca:8d:56:7c:da:
ee:8f:bb:60:20:04:95:6e:87:45:a3:15:dc:62:26:3e:86:6b:
4b:66:a8:80:bf:89:54:90:98:83:f1:ef:63:6d:04:24:45:3e:
8c:61:46:97
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICHOgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkUy
NjZEQzNFQUQ4MEVCMjVENDk4NThBNjREQzFFRjFDOEExQjk0MjAeFw0yNTA2MTQx
NTA5NTRaFw0yNjA0MDkwNjMzMjFaMDMxMTAvBgNVBAMTKDVEMDExMDZBNDMwOTlG
QzU2MDhEMTA2NDI4RjdGMkY3RERGOTZGQzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC7ChE+xLzOeclib/AaLPOXLKpTSnzCLz7BUe8gjL8D+tEX+lT9
eiSiu7qLRxRSKAwYk/bqaKw4JYhWgtoB4LgdCblqw5fJA4/myyvMXbrSIaPcZa0A
bU1U/wymlwcxdmEpmrMWv2EagqYzgaIKBCHniyfWfNDTk7MKnNBTfE8u7WcRXsrf
r7XYk33SHPgXEeDZyZFjwnmyVee9IZULO+IkfNErS0Wh0l7ck1zJIWG5AzHZFbDe
hRf+Iex4VaHkpljKo2gsvZO4GMB9kY5Yp6E1df5AO8lzkyHD/FxffU+g7tQWFlwK
+pD9Q1odPOsHmyhB683rbvMHbcWWgetRQ75jAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUXQEQakMJn8VgjRBkKPfy9935b8IwHwYDVR0jBBgwFoAULiZtw+rYDrJdSYWK
ZNwe8cihuUIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNzYv
TGladHctcllEckpkU1lXS1pOd2U4Y2lodVVJLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9MaVp0dy1yWURySmRTWVdLWk53ZThjaWh1VUkuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC83Ni9YUUVRYWtNSm44VmdqUkJr
S1BmeTk5MzViOEkucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMA
fakwDQYJKoZIhvcNAQELBQADggEBADFoW0nVl9QDbjt1a2N23R1YhBnncY6TH7uW
PPydYU2TKlygRKXZrKQb7gIAwQuVe0dqoqpTSiLenawZI0GwBwapV+fIlh1HDiYS
0yPRtBj1VOUkbcecEumisRq0vK5RATJZgUsyJyk4cfIbfvrImqbQR5X5LtX83Tyy
q7ARpE29wwZeqVdSahhaQdroJN2HZx1f8KPPGgmpaSna6YSGGGsSlJuo6aI+iv5U
FHckHt4ikqISuZ6rQvVp+6cVgn7Hn7Bkuzhz6n21ZWkNx1qnj3VOhcvKjVZ82u6P
u2AgBJVuh0WjFdxiJj6Ga0tmqIC/iVSQmIPx72NtBCRFPoxhRpc=
-----END CERTIFICATE-----
Generated at Sat Jun 21 16:52:47 2025 by rpki-client